-- Block several IP addresses that have been associated with malicious activity in the past, according to Johannes Ullrich with SANS. Details are posted on the SANS Internet Storm Centre diary.

"WMF exploitation has rapidly become a major threat, especially as the work week resumes after a long holiday weekend," iDefense spokesman Ken Dunham said in an e-mail advisory. "The situation is rapidly escalating now with hundreds of hostile sites purported, dozens confirmed, and more from public and private data shared to date. ...Traditionally, any rapid exploitation on a widespread basis within seven days or less has led to a major meta-event."

For more information on the WMF vulnerability from security vendors and experts:

F-Secure's blog -- http://www.f-secure.com/weblog/

Hexblog -- hexblog.com